Thilo Planz [TP], on Friday, January 28, 2005 at 18:31 (+0900) wrote these comments:
TP> sub image_exist{ TP> my ($id, $date) = @_; TP> my ($count) = $mydbh->selectrow_array ( TP> ' select count(*) from pic where id = ? ', TP> {}, # no attributes TP> $id TP> ); TP> print $count ? "$id exist\n" : "$id not exist\n"; TP> } yes, this is nice, and I understand this, I don't need to call finish(), because it always get me 1 line. Nice. Also I can use: ' select count(*) from pic where id = ? ', undef, $id right ? But {} is shorter :) So my TP> Using bind variables is always preferable, for example because if $id TP> contains something other than you think it does, TP> it could change the SQL statement itself, with all kinds of possibly TP> bad results. hm, I know what I'm doing here - I have 2 databases (one in mysql, other in mssql), and ID is always (!) number - it is unique identifier, user have no possiblity to change id. Of course, I know, why it is better variables - for security reasons. TP> This will happen if $id is undefined. TP> Perl warns about this, and the SQL becomes invalid: >> select ID from pic where id = -- and nothing more TP> With bind variables, this will not make Perl warnings or SQL errors, TP> but will just return "not exist". TP> You should check why this subroutine gets an undefined $id (probably an TP> error in the calling code) and what to do in this case. yes, but this is that interesting thing. I always call it with some ID, id is always defined. When I ran script with variables, (same ids) it worked, when I put $id inside statement it failed (with same ids) again thanks for nice reply! After some changes, my subroutine is: sub image_exist { my ($count) = $mydbh->selectrow_array (' select count(*) from pic where id = ? ', {}, $_[0]); return $count; } -- ...m8s, cu l8r, Brano. [You don't need to be a cannibal to be fed up with Bill Clinton.]